Posted: Thu May 27, 2021 7:26 pm Post subject: [ GLSA 202105-37 ] Nextcloud Desktop Client
Gentoo Linux Security Advisory
Title: Nextcloud Desktop Client: User-assisted execution of arbitrary code (GLSA 202105-37)
A vulnerability in Nextcloud Desktop Client could allow a remote
attacker to execute arbitrary commands.
The Nextcloud Desktop Client is a tool to synchronize files from
Nextcloud Server with your computer.
Vulnerable: < 3.1.3
Unaffected: >= 3.1.3
Architectures: All supported architectures
It was discovered that Nextcloud Desktop Client did not validate URLs.
A remote attacker could entice a user to connect to a malicious
Nextcloud server to cause the execution of arbitrary commands with the
privileges of the user running the Nextcloud Desktop Client application.
There is no known workaround at this time.
All Nextcloud Desktop Client users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/nextcloud-client-3.1.3"